turbot/gcp_compliance

Query: logging_bucket_retention_policy_enabled

Usage

powerpipe query gcp_compliance.query.logging_bucket_retention_policy_enabled

SQL

select
  s.self_link resource,
  -- 'ok' only when the bucket has a retention policy and that policy is locked
  case
    when b.retention_policy is not null
      and b.retention_policy ->> 'isLocked' = 'true' then 'ok'
    else 'alarm'
  end as status,
  case
    when b.retention_policy is not null
      and b.retention_policy ->> 'isLocked' = 'true' then s.title || '''s logging bucket ' || b.name || ' has retention policies configured.'
    else s.title || '''s logging bucket ' || b.name || ' has retention policies not configured.'
  end as reason,
  s.project as project
from
  gcp_storage_bucket b
  -- keep only sinks whose destination is a Cloud Storage bucket
  -- (destination has the form storage.googleapis.com/<bucket name>)
  join gcp_logging_sink s on (
    split_part(s.destination, '/', 1) = 'storage.googleapis.com'
    and split_part(s.destination, '/', 2) = b.name
  );

Controls

The query is being used by the following controls: